IE7 Vulnerability? Not So Much

In the same week that Internet Explorer 7 is released to the public there have been claims of a report of its first vulnerability. While some folks have reported web page incompatibilities Microsoft has denied any security flaw.

According to Secunia “A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.”
They even provide a test you can run to check if your browser is vulnerable.  ( Click Here )

My new IE7 browser failed the test

Secunia admits this threat is “Less Critical” but they advocate users disable Active Scripting. Unfortunately, this will also kill the functionality of most web pages including most of mine.

Christopher Budd from Microsoft has been quick to respond saying…

These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express.

While we are aware that the issue has been publicly disclosed, we’re not aware of it being used in any attacks against customers.

We do have this under investigation and are monitoring the situation closely and we’ll take appropriate action to protect our customers once we’ve completed the investigation